Mobile identity management gets a makeover

Okta and Box expand their partnership to include mobile identity management and single sign-on capabilities. EMM vendors, such as MobileIron and VMware AirWatch, also get in on the game.

IT's job is getting easier thanks to new mobile identity management and single sign-on technologies.

These tools have become more prevalent as IT tries to streamline how it controls access to the wide variety of services that mobile workers use. Identity management allows IT to verify who the user is, and then implement policies regarding data and application access. Single sign-on (SSO) grants users access to all their applications with one login and no need for further authentication in each app. Enterprise mobility management (EMM) providers MobileIron and VMware AirWatch recently added these kinds of capabilities, and Box and Okta Inc. expanded their existing partnership to incorporate SSO. 

Carlisle Construction Materials adopted Okta's identity management platform just before the vendor added integration with enterprise file-sharing service Box in March. The manufacturer has more than 2,500 employees across 15 locations in the United States, including many employees who work remotely.

"We want to incorporate as much as we can to be single sign-on," said Jeff Janovich, a software analyst at the company in Carlisle, Pa. "We want to take it as far as we can go."

SSO improves UX

Okta's SSO feature now allows users to access the Box mobile app through Okta's app store. It also provides users access to their IT-approved apps, without requiring them to enter usernames or passwords every time they log into an app. Users enter just one PIN to access all their apps, rather than entering one login for Okta and another for Box.

This improved user experience is one of SSO's greatest benefits, said Jack Gold, principal and founder of J. Gold Associates LLC, a mobile analyst firm in Northborough, Mass.

"If you make things easy to use, I'll use it," Gold said. "If it's not easy to use, then I'll find a way around it."

In addition, Okta allows IT to set policies regarding what content employees can access through Box and where they can access it from. IT can also deny access to Box to users whose devices are not enrolled in EMM. The best part is that IT can configure devices remotely with Okta, Janovich said. The combination of identity management, EMM and SSO, in addition to the integration of Box, takes away some of the heavy lifting from his company's small IT department, he said.

"It makes my life easier," he added. "I don't have to hop in and out of 20 different systems to do all that. That combination is fantastic."

That kind of cross-platform integration is what really helps, because IT used to have to manage users' identities through each app individually, Gold said.

MobileIron, VMware improve ID management

EMM vendors are also adding mobile identity management and SSO capabilities.

MobileIron in April released MobileIron Access, a new security capability for its EMM platform that uses identity management to restrict which cloud applications employees can use. IT can block users from accessing corporate data from devices and apps that don't comply with security policies. IT can also restrict user access from specific locations or networks.

MobileIron Access automatically recognizes whether users comply with these policies when they attempt to log into their MobileIron accounts on their managed devices. The feature also provides visibility into and reports on cloud service usage. The platforms MobileIron Access supports out of the gate include Box, Google Apps for Work, Microsoft Office 365 and Salesforce, and the company said it plans to expand this list.

VMware has made strides in mobile identity management as well. The company's Workspace One platform, released in February, updated VMware Identity Manager with better integration with AirWatch. It also offered more advanced conditional access policies, including the ability to restrict access to data based on the user's geographical location or the quality of the network. Identity Manager can communicate with AirWatch to determine if a user is prohibited from accessing certain apps or data.

Additionally, Workspace One takes advantage of Identity Manager's SSO feature to allow for easier, secure access to all corporate apps. "It's a neat value proposition for VMware and even AirWatch," said Robert Young, research analyst at IDC. "That's where virtual client computing is going. You get the user experience that feels native."
